package cn.jbit.ams.user.config;

import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import cn.jbit.ams.user.realem.ShiroRealem;



@Configuration
public class ShiroConfig {

	// 将自定义的验证方式(域)加入容器
	@Bean("shiroRealm")
	public ShiroRealem shiroRealm(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher) {
		ShiroRealem realem = new ShiroRealem();
		realem.setAuthorizationCachingEnabled(false);
		realem.setCredentialsMatcher(matcher);
		return realem;
	}

	// 权限管理，配置主要是使用自定义的Realm的管理认证
	@Bean
	public SecurityManager securityManager(@Qualifier("shiroRealm") ShiroRealem shiroRealm) {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(shiroRealm);
		return securityManager;
	}

	// 创建hashedCredentialsMatcher 用来匹配加密名称和加密次数
	@Bean("hashedCredentialsMatcher")
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
		// 指定加密方式为MD5
		credentialsMatcher.setHashAlgorithmName("md5");
		// 加密次数
		credentialsMatcher.setHashIterations(10);
		credentialsMatcher.setStoredCredentialsHexEncoded(true);
		return credentialsMatcher;
	}

	// Filter工厂，设置对应的过滤条件和跳转条件
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setSecurityManager(securityManager);
		Map<String, String> map = new HashMap<String, String>();
		// 注销 key: 动作 value:视图名称
		map.put("/logout", "logout");

		// 对所有用户认证 authc 需要认证
		map.put("/**", "authc");

		// 允许匿名访问 anon 表示不登陆也可以访问
		map.put("/gotu", "anon");
		map.put("/login", "anon");
		map.put("/dologin", "anon");
		map.put("/insert", "anon");
		map.put("/goinsert", "anon");
		map.put("/tu.html", "anon");
		map.put("/**/assets/**", "anon");
		map.put("/js/**", "anon");
		//findemplist必须是管理员权限才能访问
//		map.put("/dologin", "perms[admin]");

		// 登录页面
		shiroFilterFactoryBean.setLoginUrl("/login");
		// 认证成功跳转的页面
		shiroFilterFactoryBean.setSuccessUrl("/index");
		// 错误页面 进入404页面
		shiroFilterFactoryBean.setUnauthorizedUrl("/login-page");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
		return shiroFilterFactoryBean;
	}

	// 加入注解的使用，不加入这个注解不生效
	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
		return authorizationAttributeSourceAdvisor;
	}
}
